PT-2014-3960 · Ibm · Ibm Netcool/Omnibus
Published
2014-05-01
·
Updated
2017-08-29
·
CVE-2014-0942
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Netcool/OMNIbus version 7.4.0 before FP2
Description
A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This is due to a vulnerability in the webtop/eventviewer/eventViewer.jsp file in the Web GUI.
Recommendations
For IBM Netcool/OMNIbus version 7.4.0 before FP2, apply FP2 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Netcool/Omnibus